Observable Behavioral Discrepancy

Status: Incomplete
Abstraction: Base
Structure: Simple
Description

The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality.

Extended Description

Ideally, a product should provide as little information about its internal operations as possible. Otherwise, attackers could use knowledge of these internal operations to simplify or optimize their attack. In some cases, behavioral discrepancies can be used by attackers to form a side channel.
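The following is an added illustration, not part of the CWE entry: a credential check whose failure responses differ depending on an internal decision (whether the account exists), beside a version that collapses all failures into one observable result. The user store, password hash and messages are constructed for the example; a real system would use a slow, salted password hash.

```python
# Added example (not from the CWE entry): two versions of a login check.
# login_discrepant() leaks the internal decision "does this user exist?"
# through its status code and message; login_uniform() does not.

import hashlib
import hmac
from typing import Callable, Tuple

# Constructed user store: username -> SHA-256 of password (illustration only).
_USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


def _hash(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()


# Stored-value stand-in used when the user is absent, so the same work is done
# on every path and the lookup result is not observable through timing.
_DUMMY_HASH = _hash("placeholder")


def login_discrepant(username: str, password: str) -> Tuple[int, str]:
    """Weak: the response reveals which internal branch was taken."""
    stored = _USERS.get(username)
    if stored is None:
        return 404, "unknown user"          # discloses that no such account exists
    if not hmac.compare_digest(stored, _hash(password)):
        return 401, "bad password"          # discloses that the account does exist
    return 200, "ok"


def login_uniform(username: str, password: str) -> Tuple[int, str]:
    """Hardened: every failure yields the same observable status and message."""
    stored = _USERS.get(username, _DUMMY_HASH)
    # Compare unconditionally so the amount of work does not depend on the lookup.
    match = hmac.compare_digest(stored, _hash(password))
    if not (username in _USERS and match):
        return 401, "invalid credentials"
    return 200, "ok"


def responses_are_indistinguishable(fn: Callable[[str, str], Tuple[int, str]]) -> bool:
    """Defender's check: do the 'no such user' and 'wrong password' cases
    produce identical observable output?"""
    return fn("nobody", "x") == fn("alice", "x")


if __name__ == "__main__":
    print("discrepant:", responses_are_indistinguishable(login_discrepant))  # False
    print("uniform:   ", responses_are_indistinguishable(login_uniform))     # True
```

The check function is the useful part for a reviewer: run it against any authentication or lookup endpoint with one existing and one non-existing identifier and compare status, body and headers; any difference is an observable discrepancy of the kind this entry describes.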

Common Consequences

Scope: Confidentiality, Access Control

Impact: Read Application Data, Bypass Protection Mechanism

Observed Examples

CVE-2002-0208: Product modifies TCP/IP stack and ICMP error messages in unusual ways that show the product is in use.
CVE-2004-2252: Behavioral infoleak by responding to SYN-FIN packets.
Applicable Platforms

Languages: Not Language-Specific (Undetermined Prevalence)
Modes of Introduction
Architecture and Design
Implementation
Related Weaknesses
Taxonomy Mapping
  • PLOVER
  • WASC